CLAIMS:

What is claimed is: 

1. A method in a data processing system for managing 
access to resources, the method comprising: 

granting a process a security identifier, wherein 
the security identifier has no meaning outside of being 
used to make an access decision for a specific resource; 
and 

responsive to the process requesting access to the 
specific resource, generating the access decision based 
on the security identifier. 

2. The method of claim 1, wherein the object access 
identifier is granted based on a path of execution. 

3. The method of claim 1, wherein the object access 
identifier is granted based on an identity of the process 
and a second process invoked by the process. 

4. The method of claim 1, wherein the granting step
includes:

setting the security identifier a an access control 
list operation. 

5. The method of claim 1 further comprising:

changing the security identifier in response to the
process invoking a selected resource.

6. The method of claim 1, wherein the generating step
includes:

using the security identifier as an identity in an 
access control list to identify a right to the specific 
resource. 

7. The method of claim 1, wherein the security 
identifier is a right in an access control list. 

8. A data processing system for managing access to 
resources, the data processing system comprising: 

granting means for granting a process a security 
identifier, wherein the security identifier has no 
meaning outside of being used to make an access decision 
for a specific resource; and 

generating means responsive to the process 
requesting access to the specific resource, for 
generating the access decision based on the security 
identifier. 

9. The data processing system of claim 8, wherein the 
object access identifier is granted based on a path of 
execution. 

10. The data processing system of claim 8, wherein the 
object access identifier is granted based on an identity 
of the process and a second process invoked by the 
process.

11. The data processing system of claim 8, wherein the
granting means includes: 

setting means for setting the security identifier a 
an access control list operation. 

12. The data processing system of claim 8 further 
comprising: 

changing means for changing the security identifier 
in response to the process invoking a selected resource. 

13. The data processing system of claim 8, wherein the 
generating means includes: 

using means for using the security identifier as an 
identity in an access control list to identify a right to 
the specific resource. 

14. The data processing system of claim 8, wherein the 
security identifier is a right in an access control list. 

15. A computer program product in a computer readable 
medium in a data processing system for managing access to 
resources, the computer program product comprising: 

first instructions for granting a process a security 
identifier, wherein the security identifier has no 
meaning outside of being used to make an access decision 
for a specific resource; and 

second instructions responsive to the process 
requesting access to the specific resource, for 
generating the access decision based on the security 
identifier.

16. The computer program product of claim 15, wherein
the object access identifier is granted based on a path 
of execution. 

17. The computer program product of claim 15, wherein 
the object access identifier is granted based on an 
identity of the process and a second process invoked by 
the process. 

18. The computer program product of claim 15, wherein 
the first instructions includes: 

sub-instructions for setting the security identifier 
a an access control list operation. 

19. The computer program product of claim 15 further 
comprising: 

third instructions for changing the security 
identifier in response to the process invoking a selected 
resource. 

20. The computer program product of claim 15, wherein 
the second instructions includes: 

sub-instructions for using the security identifier 
as an identity in an access control list to identify a 
right to the specific resource. 

21. The computer program product of claim 15, wherein 
the security identifier is a right in an access control 
list. 



Docket No. AUS920030616US1 



22. A data processing system comprising: 
a bus system; 

a memory connected to the bus system, wherein the 
memory includes a set of instructions; and 

a processing unit connected to the bus system, 
wherein the processing unit executes the set of 
instructions to grant a process a security identifier, 
wherein the security identifier has no meaning outside of 
being used to make an access decision for a specific 
resource; and generate the access decision based on the 
security identifier responsive to the process requesting 
access to the specific resource. 



